From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEFE0C00144 for ; Fri, 29 Jul 2022 19:54:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238968AbiG2TyU (ORCPT ); Fri, 29 Jul 2022 15:54:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35582 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238947AbiG2TyQ (ORCPT ); Fri, 29 Jul 2022 15:54:16 -0400 Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8FE9888F2B for ; Fri, 29 Jul 2022 12:54:14 -0700 (PDT) Received: by mail-pf1-x42d.google.com with SMTP id 17so5568372pfy.0 for ; Fri, 29 Jul 2022 12:54:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc; bh=1EqMgjnyhc4WRsC/xGOtxHSz8izgvjHhHYaPjqj6I7s=; b=HLB5f+s+ntjkI17+2jp2WegSk0Ip1A1bt9XeV1pSaqeITXDi12YjSrxcIgZXHrMp59 UrkPVO6LhvZWQkYzIfyeY3oLoZKArVvjkRclfgyghVmxV8STbNsdGoFjh3pa12HmBMQl ZtFdRossZIy8OZmwKbexSgbozQy0t+BsKx3y85dydYJVmRQ0UfauaYy+YRuqV7R2JVVT Pwmk0Ug1XScP+SUhKwaLYZwcdNCu+i+DjGxkiIBDdXbnnPgK/7oaJTnfrjbSGXfZjqAn +yrErgsE08MPBUhSKuwXkcKKsySktnGs6hlT7NDtjtcK0DoVRdqMsEYM6+1flcqF3Q78 34ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc; bh=1EqMgjnyhc4WRsC/xGOtxHSz8izgvjHhHYaPjqj6I7s=; b=402Na0Hzdmn11uta4ASCOF+sPfBXL0w653MW/h1WPvwIEfmrAycNnuD9W18WIZU4f/ pvTHut5Xeytb6YLdAMNZwovX8m1g1dofMz5QFqQZy20rEYz5AodUvBOqQQU2HwDXndLQ 7hPszmhQS7Sag+irTlbqAfcxAUc8d2r69HUDzyhnW3nhrNJyXXV6N20mTN0KXms4abbm YvrnWxl+hz81bb4kWIijoVN/4xp3cB0YyhNAw3i5wK8ASCeQX+/BN+NdScOrefSsFbOT PH/huuBE4BUtMP41HrGwA2FH+ofHhQkWK3fVoZKBBV75B1PlwOIEHKLTMq429LEz0Fta bSNQ== X-Gm-Message-State: AJIora/CgM1Jh952YOc5JS08LI4t065BeFRrRL6IUj1GMa9QGj+KMegX TtpMTbmYGGlriIvLThWca887Ow== X-Google-Smtp-Source: AGRyM1sksopPXKQjAD2apX+GAbdmTP47VUrtEH0MoOErsIDT2svJe3Hlaz8mC5fBxKu7A6Sbx+StHA== X-Received: by 2002:a05:6a00:1d26:b0:52b:f8ab:6265 with SMTP id a38-20020a056a001d2600b0052bf8ab6265mr5063293pfx.54.1659124453469; Fri, 29 Jul 2022 12:54:13 -0700 (PDT) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id 129-20020a621787000000b00518e1251197sm3332537pfx.148.2022.07.29.12.54.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Jul 2022 12:54:12 -0700 (PDT) Date: Fri, 29 Jul 2022 19:54:09 +0000 From: Sean Christopherson To: Chao Peng Cc: Wei Wang , "Gupta, Pankaj" , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, linux-kselftest@vger.kernel.org, Paolo Bonzini , Jonathan Corbet , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Shuah Khan , Mike Rapoport , Steven Price , "Maciej S . Szmigiero" , Vlastimil Babka , Vishal Annapurve , Yu Zhang , "Kirill A . Shutemov" , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret , Michael Roth , mhocko@suse.com, Muchun Song Subject: Re: [PATCH v7 11/14] KVM: Register/unregister the guest private memory regions Message-ID: References: <20220719140843.GA84779@chaop.bj.intel.com> <36e671d2-6b95-8e4f-c2ac-fee4b2670c6e@amd.com> <20220720150706.GB124133@chaop.bj.intel.com> <45ae9f57-d595-f202-abb5-26a03a2ca131@linux.intel.com> <20220721092906.GA153288@chaop.bj.intel.com> <20220725130417.GA304216@chaop.bj.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220725130417.GA304216@chaop.bj.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 25, 2022, Chao Peng wrote: > On Thu, Jul 21, 2022 at 05:58:50PM +0000, Sean Christopherson wrote: > > On Thu, Jul 21, 2022, Chao Peng wrote: > > > On Thu, Jul 21, 2022 at 03:34:59PM +0800, Wei Wang wrote: > > > > > > > > > > > > On 7/21/22 00:21, Sean Christopherson wrote: > > > > Maybe you could tag it with cgs for all the confidential guest support > > > > related stuff: e.g. kvm_vm_ioctl_set_cgs_mem() > > > > > > > > bool is_private = ioctl == KVM_MEMORY_ENCRYPT_REG_REGION; > > > > ... > > > > kvm_vm_ioctl_set_cgs_mem(, is_private) > > > > > > If we plan to widely use such abbr. through KVM (e.g. it's well known), > > > I'm fine. > > > > I'd prefer to stay away from "confidential guest", and away from any VM-scoped > > name for that matter. User-unmappable memmory has use cases beyond hiding guest > > state from the host, e.g. userspace could use inaccessible/unmappable memory to > > harden itself against unintentional access to guest memory. > > > > > I actually use mem_attr in patch: https://lkml.org/lkml/2022/7/20/610 > > > But I also don't quite like it, it's so generic and sounds say nothing. > > > > > > But I do want a name can cover future usages other than just > > > private/shared (pKVM for example may have a third state). > > > > I don't think there can be a third top-level state. Memory is either private to > > the guest or it's not. There can be sub-states, e.g. memory could be selectively > > shared or encrypted with a different key, in which case we'd need metadata to > > track that state. > > > > Though that begs the question of whether or not private_fd is the correct > > terminology. E.g. if guest memory is backed by a memfd that can't be mapped by > > userspace (currently F_SEAL_INACCESSIBLE), but something else in the kernel plugs > > that memory into a device or another VM, then arguably that memory is shared, > > especially the multi-VM scenario. > > > > For TDX and SNP "private vs. shared" is likely the correct terminology given the > > current specs, but for generic KVM it's probably better to align with whatever > > terminology is used for memfd. "inaccessible_fd" and "user_inaccessible_fd" are > > a bit odd since the fd itself is accesible. > > > > What about "user_unmappable"? E.g. > > > > F_SEAL_USER_UNMAPPABLE, MFD_USER_UNMAPPABLE, KVM_HAS_USER_UNMAPPABLE_MEMORY, > > MEMFILE_F_USER_INACCESSIBLE, user_unmappable_fd, etc... > > For KVM I also think user_unmappable looks better than 'private', e.g. > user_unmappable_fd/KVM_HAS_USER_UNMAPPABLE_MEMORY sounds more > appropriate names. For memfd however, I don't feel that strong to change > it from current 'inaccessible' to 'user_unmappable', one of the reason > is it's not just about unmappable, but actually also inaccessible > through direct ioctls like read()/write(). Heh, I _knew_ there had to be a catch. I agree that INACCESSIBLE is better for memfd.